Password and Sessions...

Anon

I need some help with meshing MySql and PHP together. I need help learning how to create sessions so that I can have a member log into my website, and then, on every single page on the website, they have some of their own account details, such as their email address, amount of resources in their account, ect. Any help would be greatly appreciated.

Anon

A couple of steps should see you clear.

Step 1.

Start a session and load all the info you want into it (i.e. mail address, resources etc).
Commands that you will to use are:
session_start(); and
session_register('var name / array name');

On my login page, I pull all the details out of a db and load them into an array whih I then register.

Step 2.

Create a php file which you can include on every subsequent page to check that they are logged in. Mine looks like this:

<?php
session_start();
if (isset($login))
{
if ( $login !== 'validated' )
{
echo "Sorry , error in processing";
}
}
else
{
session_destroy();
{
header("Location: http://".$SERVER['HTTP_HOST'].dirname($SERVER['PHP_SELF'])."/login_front.php?code=2");
}
}
?>

Looks a bit messy, but what happens is :
1. The current session is opened : session_start.
2. A registered variable called $login is checked to see if it's set.

3. If it is then no worries. If not then a header command is used to push the user back to the login page (called login_front).

Step 3.

This code is included on every page after login using
<?php
include "./session_check.php"
?>

BEFORE I declare the <head> tag for the page.

Hope this helps

Justin

Anon

It's not recommended to use session for security matter. Use cookie instead because session vars can be stolen by any page in the same IE window.